How to exclude VS logs from the Avi UI based on the Significance "Client sent plain request on https port"
search cancel

How to exclude VS logs from the Avi UI based on the Significance "Client sent plain request on https port"

book

Article ID: 407654

calendar_today

Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

 

In some cases, Avi logs may be marked as significant even though they do not represent a real issue.

For example, In the VS log entry:

 

SSL Error: client sent a plain request on HTTPS port

 

This means a client is trying to talk HTTP over an HTTPS port. By default, Avi (VMware Avi Load Balancer) marks this as Significant, since it could mean a misconfigured client.  (e.g., when users access the HTTPS service using http:// instead of https://).

curl -kv http://<Vip ip>:443 (Virtual service on port 443 with SSL)

curl -kv http://<Vip ip>:80 (Virtual service on port 80 with SSL)

 

Even when the log is not critical, Avi continues to categorize it under Significant Logs, which may lead to unnecessary log monitoring or alerts

Environment

All environment

Resolution

To prevent such logs from being flagged as significant:

Use "Exclude http status code" knob that logs under Analytics profile to acheive this from the VS logs.

It is best practice to create a new custom Analytics Profile and apply it to the specific Virtual Service, since modifying the system default Analytics Profile would affect all Virtual Services.

Additional Information

Best Practice: Before excluding, validate that the log is not associated with a misconfiguration or actual client issue.

When to Ignore This Log

  • If the environment expects occasional HTTP traffic on an HTTPS port.

  • If application behavior is unaffected and no service disruptions are observed.

 

Powered by Wolken Software